1. Field of the Invention
This invention pertains in general to computer networks and in particular to providing network services to remote enterprise networks.
2. Description of the Related Art
Many enterprises, such as businesses, schools, and government agencies, operate computer networks. Best practices dictate that these networks be maintained in a manner compliant with security and other policies. Malicious entities frequently attempt to compromise enterprise networks in order to perform malicious tasks such as obtaining confidential information, destroying data, and taking control of networked computers for use in subsequent attacks.
Usually, a network administrator is tasked with maintaining security on the enterprise network. There are a variety of network analysis tools that the administrator can use to secure or otherwise maintain the network. These tools are often provided as “appliances” that the administrator can install within the enterprise network in order to maintain it. While appliance-based tools work well, such tools are often designed for and marketed to large enterprises. For example, the tools can be designed to maintain an enterprise network having thousands of devices and may cost thousands of dollars. Therefore, these types of appliance-based tools are often impractical and unaffordable for smaller enterprises with, e.g., fewer than 100 network devices.
A cloud-based tool that remotely analyzes an enterprise network is one alternative to appliance-based tools. However, in the typical case it is not possible to reach the enterprise network from the cloud because the network is hidden behind a router or other device that prevents remote inspection. Oftentimes, the enterprise network is connected to the Internet using a router that performs network address translation (NAT) and/or contains a firewall. Such a router hides the internals of the enterprise network. Thus, a cloud-based tool cannot “see” the enterprise network with the level of detail needed to provide network services.